earticle

영어

Cloud services are so efficient and flexible to expend and manage the service so that various cloud services are commercially implemented and provided by KT uCloud, Amazon EC2, and the other companies. As could service are quickly deployed, more security problems occurs and cloud forensic procedures for cloud systems are needed. But, in multi-users serviced cloud systems, a system suspension makes serious problems to users so that collecting evidences and analysis have to be performed in the field and live analysis is important in cloud systems. Cloud system based on Hadoop distributed file system has characteristics of massive volume of data and multi-users, physically-distributed data, and multi-layered data structures. The previous forensic procedures and methodologies are not appropriate for cloud system based on Hadoop distributed file system. In order to deal with those characteristics of cloud system, we propose Hadoop based cloud forensic procedure that supports static analysis after live analysis and live collection without system suspension, and Hadoop based cloud forensic guidelines. With our proposed Hadoop based cloud forensic procedure, we can decrease the time for evidence collection and evidence volume